According to the General Data Protection Regulation, we are required to provide information about our processing of personal data and about the rights of data subjects.
1. Our collection of data
When we provide consulting services, we receive various documents from our clients. These documents are stored in a digital file and in some situations also in a physical file. The documents we receive from our clients often contain personal data, and during the processing of a case other personal data may be added, for example from other parties, other consultants, authorities, courts or in the form of publicly available information that we collect. This information could be general personal information, such as name and contact information. It could be civil registration numbers or information about criminal offences. It could also be sensitive personal information, for example about health conditions and trade union affiliation. The information may relate to our clients or other persons involved in the cases we process.
When you visit our websitewww.albrechtsen.com, we register which pages you have visited, when and which browser you have used. The information is used in anonymised form for operational purposes and to compile statistics, which may be used to improve the structure of our website.
Revisionsfirmaet Albrechtsen, Lindevangs Allé 4, 2000 Frederiksberg, CVR no. 77926410 is the controller of information we receive for the purpose of providing consultancy to our clients.
Our contact details are telephone +45 33 93 38 34, email@example.com.
If you have any questions about our processing of your personal information, please contact us at firstname.lastname@example.org
3. Purpose and basis
We process the information we receive for the purpose of being able to advise our clients in cases involving such information.
Processing is based on Article 6(1)(b), (c) or (f) and Article 9(2)(f) of the General Data Protection Regulation or on Section 8(3) of the Danish Data Protection Act, depending on the nature of the task and information. Normally, the basis for obtaining and processing the information will be, (1) that it is necessary in order for us to perform the contract with our clients, (2) to safeguard our clients' legitimate interests or (3) to establish, assert or defend their legal claims. When we process civil registration numbers, this is done in accordance with section 11 of the Danish Data Protection Act.
In cases covered by the Money Laundering Act, we obtain information about the identity of our clients for the purpose of meeting the requirements of the act. The basis for this processing follows from section 11 of the Money Laundering Act.
4. Disclosure, etc.
We do not make personal information available to others for marketing or similar purposes.
We only disclose personal information if it is necessary in order for us to safeguard the interests of our clients. The typical recipients of personal data will be authorities and courts. In cases covered by the Money Laundering Act, we disclose identity information, etc. to the extent that we are required to do so by law.
We do not normally transfer data outside the EU, and if we do, we observe the necessary security guarantees as required by applicable data protection legislation.
We entrust personal information to our system suppliers in accordance with data processing agreements, and only for the purpose of allowing us to use our IT systems.
We have appropriate technical and organisational measures in place to protect against unauthorised access to, loss of or destruction of personal data and other data for which we are responsible. We continuously develop our security policies and procedures to ensure that our systems are secure and protected. Only persons with a legitimate need to process personal data for the mentioned purposes have access to the personal data.
5. Storage period
We store personal information as long as we have a relevant legal interest in doing so, which is usually decided on the basis of a specific assessment of the relevance of the information compared with the applicable statutes of limitations. If we have a relevant legal interest, storage will be possible for up to 10 years after the case has been closed.
In cases covered by the Money Laundering Act, we store identity information in accordance with the applicable rules for five years after the case has been closed.
6. Rights of data subjects
According to the General Data Protection Regulation, data subjects have:
- right to access the data we process about them;
- right to have inaccurate information rectified;
- right, in certain cases, to have data erased before the time at which we would otherwise generally erase data;
- right, in certain cases, to have the processing restricted so that in future – except for storage – processing may only take place subject to consent or for the purpose of establishing, asserting or defending legal claims
- or to protect a person or important public interests;
- right, in some cases, to object to our or the legal processing of the information; and
- right to receive the registered personal data in a structured, commonly used and machine-readable format, and to have the personal data transferred to another controller without hindrance.
In connection with the data subject's exercise of the above rights, we may require relevant proof of identity.
You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you will find on www.datatilsynet.dk.
You have the right to appeal to the Danish Data Protection Agency if you disagree with the manner in which we process your personal data. You will find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.
This briefing will be continuously updated in accordance with current rules, practices or changes in our business procedures.
Frederiksberg, 12 August 2019